From aaf989d9f20fe63d96209ba9bf360e2c188ff5c9 Mon Sep 17 00:00:00 2001
From: Igor Santos
Date: Wed, 6 Nov 2024 12:22:26 -0300
Subject: [PATCH] feat(instances): add bootstrap and persist terraform-state on S3 e Dynamo
---
README.md | 29 ++++++++++++++++++++++
instances/bootstrap/main.tf | 48 +++++++++++++++++++++++++++++++++++++
instances/main.tf | 13 +++++++++-
3 files changed, 89 insertions(+), 1 deletion(-)
create mode 100644 README.md
create mode 100644 instances/bootstrap/main.tf
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..8397e50
--- /dev/null
+++ b/README.md
@@ -0,0 +1,29 @@
+## Instancias
+
+Tecnologia: terraform
+
+### Como executar a infraestrutura
+
+O estado do terraform está sendo compartilhado no S3 com gerenciamento de lock em uma tabela no DynamoDB.
+
+Se o bucket configurado `bonde-terraform-up-and-running-state` não existir na lista de buckets da sua conta Amazon (região: us-east-1), você deve executar os seguintes comandos na pasta `instances/boostrap`:
+
+```bash
+terraform init
+terraform plan
+terraform init -auto-approve
+```
+
+Essa sequência de comandos acima irá criar a infraestrutura não persistente responsável por cuidar do estado da nossa infraestrutura persistente.
+
+#### Executando a infraestrutura persistente
+
+
+
+## Sites
+
+
+## TODO
+
+- Persistir o estado no S3
+- Criar fluxo de trabalho para publicação automatizada no Github
\ No newline at end of file
diff --git a/instances/bootstrap/main.tf b/instances/bootstrap/main.tf
new file mode 100644
index 0000000..88babf0
--- /dev/null
+++ b/instances/bootstrap/main.tf
@@ -0,0 +1,48 @@
+provider "aws" {
+ region = "us-east-1"
+}
+
+resource "aws_s3_bucket" "terraform_state" {
+ bucket = "bonde-terraform-up-and-running-state"
+
+ # Prevent accidental deletion of this S3 bucket
+ lifecycle {
+ prevent_destroy = true
+ }
+}
+
+resource "aws_s3_bucket_versioning" "enabled" {
+ bucket = aws_s3_bucket.terraform_state.id
+ versioning_configuration {
+ status = "Enabled"
+ }
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "default" {
+ bucket = aws_s3_bucket.terraform_state.id
+
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "AES256"
+ }
+ }
+}
+
+resource "aws_s3_bucket_public_access_block" "public_access" {
+ bucket = aws_s3_bucket.terraform_state.id
+ block_public_acls = true
+ block_public_policy = true
+ ignore_public_acls = true
+ restrict_public_buckets = true
+}
+
+resource "aws_dynamodb_table" "terraform_locks" {
+ name = "terraform-up-and-running-locks"
+ billing_mode = "PAY_PER_REQUEST"
+ hash_key = "LockID"
+
+ attribute {
+ name = "LockID"
+ type = "S"
+ }
+}
\ No newline at end of file
diff --git a/instances/main.tf b/instances/main.tf
index 783674a..18b6a79 100644
--- a/instances/main.tf
+++ b/instances/main.tf
@@ -7,10 +7,21 @@ terraform { } required_version = ">= 1.2.0" + + backend "s3" { + # Replace this with your bucket name! + bucket = "bonde-terraform-up-and-running-state" + key = "global/s3/terraform.tfstate" + region = "us-east-1" + + # Replace this with your DynamoDB table name! + dynamodb_table = "terraform-up-and-running-locks" + encrypt = true + } } provider "aws" { - region = "us-east-1" + region = "us-east-1" } # Módulo para o servidor web
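Review bot: The state bucket in `instances/bootstrap/main.tf` gets versioning, default encryption and a public-access block but no bucket policy, so nothing on the bucket itself rejects plain-HTTP requests, and Terraform state commonly holds secrets in clear text. I would add an `aws_s3_bucket_policy` that denies any request where `aws:SecureTransport` is false, as sketched below. Separately, `sse_algorithm = "AES256"` relies on the S3-managed key; moving to `aws:kms` with a customer-managed key would let a key policy restrict who can decrypt state and would record key use in CloudTrail. The lock table also has no `prevent_destroy` guard like the one on the bucket.

```hcl
# … unchanged: aws_s3_bucket.terraform_state and its versioning, encryption and public-access resources …

data "aws_iam_policy_document" "state_tls_only" {
  statement {
    sid     = "DenyInsecureTransport"
    effect  = "Deny"
    actions = ["s3:*"]

    resources = [
      aws_s3_bucket.terraform_state.arn,
      "${aws_s3_bucket.terraform_state.arn}/*",
    ]

    principals {
      type        = "*"
      identifiers = ["*"]
    }

    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_s3_bucket_policy" "state_tls_only" {
  bucket = aws_s3_bucket.terraform_state.id
  policy = data.aws_iam_policy_document.state_tls_only.json
}
```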
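Review bot: In `instances/main.tf` the backend stores this root module's state under `key = "global/s3/terraform.tfstate"`, a path that names neither `instances` nor an environment; if a second root module (the README already has a Sites section) copies this block unchanged, both would read and overwrite the same state object. A module-scoped key such as `key = "instances/terraform.tfstate"` avoids that and is easiest to change before state has been written. The two `# Replace this with your ... name!` comments look like template leftovers, since the values are already project-specific; I would replace them with a single comment such as `# Bucket and lock table are created by instances/bootstrap`. The `terraform` block starts before the hunk, so its earlier settings are not visible here.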